CVE-2014-5031

CWE-264 CWE-5910 documents8 sources

Severity

5.0MEDIUM

EPSS

1.6%

top 18.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Canonical Ubuntu Linux

Timeline

PublishedJul 29

Latest updateMay 17

Description

The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debiancups< 1.7.4-2+3

▶NVDapple/cups1.7.4+5

Also affects: Ubuntu Linux 10.04, 12.04, 14.04

Patches

Patch: cups.org ↗Patch: cups.org ↗

🔴Vulnerability Details

GHSA

GHSA-2p5x-6x62-jgxf: The web interface in CUPS before 2↗2022-05-17

▶

CVEList

CVE-2014-5031: The web interface in CUPS before 2↗2014-07-29

▶

OSV

CVE-2014-5031: The web interface in CUPS before 2↗2014-07-29

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2014-09-08

▶

Red Hat

cups: world-readable permissions↗2014-07-22

▶

Debian

CVE-2014-5031: cups - The web interface in CUPS before 2.0 does not check that files have world-readab...↗2014

▶

💬Community

Bugzilla

CVE-2014-5031 cups: world-readable permissions↗2014-08-11

▶

Bugzilla

CVE-2014-5031 cups: world-readable permissions [fedora-all]↗2014-08-11

▶

Bugzilla

CVE-2014-5029 CVE-2014-5030 CVE-2014-5031 cups: Incomplete fix for CVE-2014-3537 [fedora-all]↗2014-07-23

▶